Session object timout

[Steve Peterson]

Hi

I have an application that is designed for multi clients, therefore users
must go through a login page. Upon logging in I set some properties in a
class, one of which is the user id (integer) retrieved from the SQL db and
also the company id that successfully logged in. I then add this this class
to a session object which I named "CurrentUserInfo".

Since the app relies on retrieving only information for the company of which
the user belongs, I added a small check on the Page_Load of each web form to
make sure that the session id of the user not zero (has to be - it's a
identity from table). If the check fails then I redirect the user back to
the login page so the have to login again, thus recreating the session
object which holds the class I mentioned above.

Since several of our clinets like to use this app like a windows app, or
rather the log in and then leave thier browser open while they talk on the
phone, go to lunch et.. they complained that it was inconvient that they had
to always relog in. So in the web.config I upped the sessionstate "Timeout"
value to 180 (3 hours).

However, I'm still getting complaints that they are getting bumped back to
the login page. I tested this myself by loggin in and leaving my browser
window open, and sure enough I get bumped after 20-30 min. It varies, but
certainly not 3 hours.

Does anyone have any ideas on why my session object is timing out?

TIA

Steve

 

[Dennis Wijnker]

Hello Steve,

Aside from the fact that I kind of like an application timing out for security
reasons, I'll try to respond to your question You are not specifying your
OS and IIS level, but the phenomenon may be caused by the default "Idle Timeout"
setting of the Application Pool that your ASP.NET app is running in. The
Application pool was introduced in Windows 2003 with IIS 6.0, to better manage
your ASP.NET application amongst others for stability purposes. You can find
and change this setting by doing the following:
- Open IIS Manager
- Expand the "Application Pools" node
- Expand the "DefaultAppPool" (you should see your ASP.NET application in
the list, otherwise try to find it in a different pool)
- Right-Click on the "DefaultAppPool" and click "Properties"
- Navigate to the "Performance Tab"
- Change the "Idle Timeout" to the desired value.

Good luck,
Dennis

 

[Steve Peterson]

Thanks Dennis!

I just changed the setting, so hopefully that'll do the trick. My test
platform is XP Pro, production machine is Win 2003. I never knew this
setting even existed.

Yeah - I didn't like the idea of increasing to 3 hours, & I did point out
the security risks to the higher aboves. But seeing as my paycheck is signed
by someone else... Need I say more? I'm sure there are many programmers out
there that are victims (and end up paying for) poor decisions by non
programmers for the sake of $$$.. Sigh..

Steve